License: Free

Download pwdcheck.pl.txt

pwdcheck.pl (Size 23k) – Chris Randles v1.0 2008-05-07

PROGRAM PURPOSE:

Analyze output from the Diagpwd utility and produce a usable list of eDirectory accounts whose eDirectory passwords are not synchronized with their Universal or Simple passwords. The output is in container order using the reverse object RDN.

PROGRAM REQUIREMENTS:

Input Requirements – The output from Diagpwd:

Use Diagpwd with the following syntax:

diagpwd <IP Address> <secure port> <Tree_Cert>.der <container to start search> sub <Admin Account> <password>

e.g. diagpwd 192.168.0.1 636 MyTree.der o=Novell sub cn=admin,o=Novell mypassword

Use redirection to output the data to a text file. e.g. add ‘> diagpwd.txt’ to the end of the statement:

e.g. diagpwd 192.168.0.1 636 MyTree.der o=Novell sub cn=admin,o=Novell mypassword > diagpwd.txt

To acquire the Diagpwd utility, go to the Novell downloads web page and search for ‘diagpwd*’.

NOTE: Diagpwd4 was the version at the time of writing this document.
Do not modify the output file from diagpwd!
Diagpwd takes a while to run. You can use LDAP tracing to follow its progress.

The program has been tested using SUSE Linux 10 on x86_64 using Perl v5.8.8 and on MS Windows 2000 SP4 using ActivePerl v5.8.8. It should run on most Linux/Unix/Windows platforms with Perl v5.6 and above.

EXAMPLE INPUT DATA (output data from diagpwd):

Object DN: cn=MyAccount,ou=IT,ou=CA,o=Novell
     EMail: ChRandles@novell.com
     Last Changed Date: 2008-04-21 22:40:45 Z
     Password Status: Enabled, Set
     Distribution Password Status: Set
     Simple Password Status: Set
     Password Policy DN: cn=Password Policy,cn=Password Policies,cn=Security

Object DN: cn=ThatAccount,ou=Accounts,ou=CA,o=Novell
     EMail: NotReal@novell.com
     Last Changed Date: [UNKNOWN]
     Password Status: Enabled, Set
     Distribution Password Status: Not set
     Simple Password Status: Set
     Password Policy DN: cn=Password Policy,cn=Password Policies,cn=Security

Object DN: cn=NFAUUser,o=novell
     EMail: [NONE]
     Last Changed Date: [UNKNOWN]
     Password Status: Universal Password disabled, Not set
     Distribution Password Status: Not set
     Simple Password Status: Not set
     Password Policy DN: [NONE]

PROGRAM OUTPUT INCLUDES:

Password_Totals.txt
A file containing all of the totals derived by the program which appear in the various output files.

Bad_Passwords.txt
     List of objects where Universal and/or Simple passwords do not match NDS password:
     Number of objects with bad Universal and Simple Passwords
     Number of objects with bad Universal Password Only
     Number of objects with bad Simple Password Only
     Total number of objects with bad passwords

Universal_Password_Not_Enabled.txt
     List of and Total number of objects with Universal Password NOT enabled

Universal_Password_Enabled.txt
     List of and Total number of objects with Universal Password Enabled

Universal_Password_Set.txt
     List of and Total number of objects with Universal Password Set

Universal_Password_Not_Set.txt
     List of and Total number of objects with Universal Password NOT Set

Distribution_Password_Set.txt
     List of and Total number of objects with Distribution Password Set

Distribution_Password_Not_Set.txt
     List of and Total number of objects with Distribution Password NOT Set

Simple_Password_Set.txt
     List of and Total number of objects with Simple Password Set

Simple_Password_Not_Set.txt
     List of and Total number of objects with Simple Password NOT Set

Users_By_Last_Password_Change.txt
     List of objects ordered by password last changed date
     Number of Users without a password last changed date
     Number of Users with a password last changed date

Users_By_Password_Policies.txt
     List of objects ordered by assigned password policy
     Number of Users assigned to each password policy

Excluded_Objects.txt
     List of and Total number of objects excluded from the input data.

Passwords.csv
     A csv formatted file containing the input data. One object per line.

A total of 14 output files are created per program run. NOTE: Output files are overwritten with each run.

EXCLUSIONS FILE:

Exclusions file format is a simple text list of object CNs to ignore.
     Create a text file called ‘exclude.txt’ (case sensitive on Linux/Unix) and enter one CN per line (CN is case insensitive) e.g.:

    Backup_Exec
    Administrator
    Admin
    Proxy
    UNIX Service Handler
    NFAUUser
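
The record format, CN exclusions and container ordering described above, as an added Python example (not pwdcheck.pl's own code, which is Perl). The function and bucket names are assumptions made for illustration, and it reports only the enabled/set states visible in the sample records.

```python
# Added example, not pwdcheck.pl itself. SAMPLE abridges the page's sample records.
SAMPLE = """\
Object DN: cn=MyAccount,ou=IT,ou=CA,o=Novell
     Password Status: Enabled, Set
     Distribution Password Status: Set
     Simple Password Status: Set

Object DN: cn=ThatAccount,ou=Accounts,ou=CA,o=Novell
     Password Status: Enabled, Set
     Distribution Password Status: Not set
     Simple Password Status: Set

Object DN: cn=NFAUUser,o=novell
     Password Status: Universal Password disabled, Not set
     Distribution Password Status: Not set
     Simple Password Status: Not set
"""
BUCKETS = ("excluded", "up_not_enabled", "up_not_set", "dist_not_set", "simple_not_set")

def parse_records(text):
    """Return one dict per 'Object DN:' block, keyed by field name."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep and key == "Object DN":
            records.append({key: value})
        elif sep and records:
            records[-1][key] = value
    return records

def container_key(dn):  # reverse-RDN sort key; naive split assumes no escaped commas
    return [rdn.strip().lower() for rdn in reversed(dn.split(","))]

def classify(text, exclude_cns=()):
    """Bucket DNs by password status, in container order, honouring CN exclusions."""
    skip = {cn.lower() for cn in exclude_cns}
    out = {name: [] for name in BUCKETS}
    for rec in sorted(parse_records(text), key=lambda r: container_key(r["Object DN"])):
        dn = rec["Object DN"]
        if dn.split(",")[0].partition("=")[2].strip().lower() in skip:
            out["excluded"].append(dn)
            continue
        enabled, _, is_set = rec.get("Password Status", "").partition(", ")
        checks = {"up_not_enabled": enabled != "Enabled", "up_not_set": is_set != "Set",
                  "dist_not_set": rec.get("Distribution Password Status") != "Set",
                  "simple_not_set": rec.get("Simple Password Status") != "Set"}
        for name in (n for n, hit in checks.items() if hit):
            out[name].append(dn)
    return out
```

Calling classify(SAMPLE, exclude_cns=["NFAUUser"]) moves the NFAUUser object into the excluded bucket and leaves ThatAccount as the only object with the Distribution Password not set.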

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

May 9, 2008
9:52 am